You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now, there's only a handful of headers that are only being set for the preflight request. They must be set for both the preflight and actual request. https://fetch.spec.whatwg.org/#http-responses
Only Access-Control-Allow-Origin is being set here.
Description
Right now, there's only a handful of headers that are only being set for the preflight request. They must be set for both the preflight and actual request.
https://fetch.spec.whatwg.org/#http-responses
Only
Access-Control-Allow-Origin
is being set here.litestar/litestar/middleware/cors.py
Lines 61 to 73 in 1fb981d
Only
Access-Control-Allow-Credentials
andAccess-Control-Expose-Headers
get set here, and this is what the above code uses to update headerslitestar/litestar/config/cors.py
Lines 123 to 136 in 1fb981d
This still doesn't account for:
which are only set on preflight, but should also be set to the actual request.
Litestar Version
2.2.1
Platform
Note
While we are open for sponsoring on GitHub Sponsors and
OpenCollective, we also utilize Polar.sh to engage in pledge-based sponsorship.
Check out all issues funded or available for funding on our Polar.sh dashboard
The text was updated successfully, but these errors were encountered: